Appl. No. 09/735,088

Amdt. dated December 27, 2004

Reply to Office action of October 1, 2004

Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in 
the application: 

Listing of Claims: 

1. (Currently amended) A system in a computer system, said system comprising:

a server;

a database comprising data, said database responsive to signals from said server;

a key repository process executing on said server and comprising a master key used by said key repository process to protect said data; and

an application program executing on said server;

wherein said key repository process stores and retrieves authorization information maintained in said database, said authorization information used to determine if said application program is authorized to access said data; and

wherein said key repository process prevents access to said data by said application program if said application program is not authorized.
2. (Currently amended) A computer system as in claim 1, wherein said key repository process uses said master key to decrypt said data.

3. (Currently amended) A computer system as in claim 1, wherein said repository process uses said master key to encrypt said data.

4. (Currently amended) A computer system as in claim 1, wherein said data comprises a public key.

5. (Currently amended) A computer system as in claim 1, wherein said data comprises a secret.

6. (Currently amended) A computer system as in claim 1, wherein said data comprises a private key.

7. (Currently amended) A computer system as in claim 1, wherein said data comprises a symmetric key.

8. (Currently amended) A computer system as in claim 1, wherein said data comprises a certification authority certificate.

9. (Currently amended) A computer system as in claim 1, wherein said master key is maintained in physical memory.

10. (Currently amended) A computer system as in claim 1, wherein said master key is maintained in non-swappable physical memory.

11. (Currently amended) A computer system as in claim 10, wherein said non-swappable physical memory is protected.

12. (Currently amended) A computer system as in claim 1, wherein said master key is maintained in virtual memory.

13. (Currently amended) A computer system as in claim 1, wherein said master key is used to decrypt a public key maintained in said database; and wherein said public key is used to encrypt said data.

14. (Currently amended) A computer system as in claim 13, wherein said key repository process further stores a second master key, said second master key used to encrypt the public key.

15. (Cancelled).

16. (Currently amended) A computer system comprising:

a server;

a database comprising enterprise credentials, said database responsive to signals from said server;

an application process executing on said server; and

a key repository process executing on said server, said key repository process having a master key, said master key used by said key repository process to protect said enterprise credentials;

wherein said key repository maintains in said database the identity of those application processes that are authorized to access said enterprise credentials; and

wherein if said application process is authorized to access said enterprise credentials, then said key repository process transmits said enterprise credentials to said application process.

17. (Currently amended) A computer system as in claim 16, wherein said master key protects said enterprise credentials from modification.

18. (Currently amended) A computer system as in claim 16, wherein said master key provides privacy protection to said enterprise credentials.

19. (Currently amended) A computer system as in claim 16, wherein said master key protects said enterprise credentials from unauthorized deletion.

20. (Currently amended) A computer system as in claim 16, wherein said enterprise credentials comprise a public key.

21. (Currently amended) A computer system as in claim 16, wherein said enterprise credentials comprise a private key.

22. (Currently amended) A computer system as in claim 16, wherein said enterprise credentials comprise a symmetric key.

23. (Currently amended) A computer system as in claim 16, wherein said enterprise credentials comprise a trust root.

24. (Currently amended) A computer system as in claim 23, wherein said trust root comprises a digital fingerprint.

25. (Currently amended) A computer system as in claim 23, wherein said trust root comprises a checksum.

26. (Currently amended) A computer system as in claim 23, wherein said trust root comprises a hash.

27. (Currently amended) A computer system as in claim 23, wherein said trust root comprises a cryptographic mechanism.

28. (Currently amended) A computer system as in claim 16, wherein said key is kept in physical memory.

29. (Currently amended) A computer system as in claim 16, wherein said key is kept in non-swappable physical memory.

30. (Currently amended) A computer system as in claim 16, wherein said non-swappable physical memory is protected.

31. (Currently amended) A computer system as in claim 16, wherein said key is kept in virtual memory.
32. (Currently amended) A method comprising the steps of:

(a) storing authorization information and data in a database, said authorization information and said data accessible by a key repository process;

(b) storing a master key in said database, said master key used by said key repository process to protect said data;

(c) querying said key repository process by an application program for access to said data;

(d) determining if said application program is authorized to access said data by querying said authorization information in said database; and

(e) if said application program is authorized to access said data, then transmitting said data to said application program.

33. (Currently amended) The method of claim 32, further comprising directing said key repository process to recognize an instance of said application program before querying said key repository process.

34. (Currently amended) The method of claim 32, wherein said key repository process is constructed and arranged to record said authorization information in said database.

35. (Currently amended) The method of claim 32, wherein a master key protects said data from modification.

36. (Currently amended) The method of claim 32, wherein a master key provides privacy protection of said data.

37. (Currently amended) The method of claim 32, wherein said data comprises a public key.

38. (Currently amended) The method of claim 32, wherein said data comprises a private key.

39. (Currently amended) The method of claim 32, wherein said data comprises a symmetric key.

40. (Currently amended) The method of claim 32, wherein said data comprises a trust root.

41. (Currently amended) The method of claim 32, wherein said data comprises a digital fingerprint.

42. (Currently amended) The method of claim 32, wherein said data comprises a digital signature.

43. (Currently amended) The method of claim 32, wherein said data comprises a digital certificate.

44. (Currently amended) The method of claim 32, wherein said data comprises a checksum.

45. (Currently amended) The method of claim 32, wherein said data comprises a hash.

46. (Currently amended) The method of claim 32, wherein said data comprises a characteristic code sequence.

47. (Currently amended) The method of claim 32, wherein said master key is kept in physical memory.

48. (Currently amended) The method of claim 32, wherein said master key is kept in non-swappable physical memory.

49. (Original) The method of claim 48, wherein said non-swappable memory is protected.

50. (Currently amended) The method of claim 32, wherein said master key is stored in virtual memory.

51. (Currently amended) The method of claim 32, wherein said master key comprises an integrity key, said integrity key being constructed and arranged to ensure the integrity of said data.

52. (Currently amended) The method of claim 32, wherein said master key comprises a protection key, said protection key being constructed and arranged to protect said data.

53. (Currently amended) The method of claim 33, wherein said instance of said application program is recognized by use of a cryptographic technique.
54. (Original) The method of claim 53, wherein said cryptographic technique is a checksum.

55. (Currently amended) The method of claim 33, wherein said instance of said application program is recognized by its file location.

56. (Currently amended) The method of claim 33, wherein said instance of said application program is recognized by its physical address.

57. (Currently amended) The method of claim 33, wherein said instance of said application program is recognized by the system on which it is instantiated.

58. (Currently amended) The method of claim 33, wherein said instance of said application program is recognized by the nature of the interconnection to said key repository.

59. (Currently amended) The method of claim 33, wherein said instance of said application program is recognized by its communication protocol.

60. (Currently amended) The method of claim 33, wherein said instance of said application program is recognized by a packet header.

61. (Original) The method of claim 32, wherein said authorization information includes a time constraint.

62. (Original) The method of claim 32, wherein said authorization information includes a file location.

63. (Original) The method of claim 32, wherein said authorization information includes a physical address.
64. (Original) The method of claim 32, wherein said authorization information includes a universal resource locator.

65. (Original) The method of claim 32, wherein said authorization information includes a system residence.

66. (Currently amended) The method of claim 32, wherein storing said authorization information is initiated by an operator.

67. (Currently amended) The method of claim 32, wherein storing said authorization information is initiated by an owner.

68. (Currently amended) The method of claim 32, wherein storing said authorization information is initiated by two or more owners.

69. (Currently amended) The method of claim 32, wherein storing said authorization information is initiated by two or more owners and an operator.
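The method of claim 32, with the instance recognition of claim 54 and the time constraint of claim 61, as an added illustration that is not part of the application or of any implementation it describes; the class and function names, the use of an HMAC tag as the master key's integrity protection, and all sample values are assumptions made for the example.

```python
import hashlib
import hmac

class KeyRepository:
    """Key repository process: holds the master key and guards a database of
    data records plus authorization information (steps (a) and (b))."""
    def __init__(self, master_key):
        self.master_key = master_key  # the key that protects the data
        self.data = {}                # name -> (value, integrity tag)
        self.auth = {}                # name -> {app checksum: not_after}

    def _tag(self, name, value):
        # Master key used as an integrity key (claims 35 and 51): an HMAC over
        # name||value detects a record modified behind the repository's back.
        return hmac.new(self.master_key, name.encode() + value, hashlib.sha256).digest()

    def store(self, name, value):
        self.data[name] = (value, self._tag(name, value))

    def authorize(self, name, app_checksum, not_after):
        # Authorization information: the application's identity (checksum of its
        # code, claim 54) together with a time constraint (claim 61).
        self.auth.setdefault(name, {})[app_checksum] = not_after

    def request(self, name, app_checksum, now):
        # Steps (c)-(e): the application queries, the repository decides from the
        # stored authorization information and transmits only when authorized.
        allowed = self.auth.get(name, {})
        if app_checksum not in allowed or now > allowed[app_checksum]:
            return "denied", None
        value, tag = self.data[name]
        if not hmac.compare_digest(tag, self._tag(name, value)):
            return "modified", None      # integrity failure: never transmit
        return "ok", value

def app_checksum(code):
    """Recognize an application instance by a checksum of its program bytes."""
    return hashlib.sha256(code).hexdigest()

def demo():
    # All values below are constructed for the demonstration.
    repo = KeyRepository(master_key=b"constructed-demo-master-key")
    repo.store("db-password", b"s3cret")
    good_app = app_checksum(b"print('backup job v1')")
    repo.authorize("db-password", good_app, not_after=1000.0)
    granted = repo.request("db-password", good_app, now=500.0)
    wrong_app = repo.request("db-password", app_checksum(b"other"), now=500.0)
    expired = repo.request("db-password", good_app, now=2000.0)
    repo.data["db-password"] = (b"tampered", repo.data["db-password"][1])
    tampered = repo.request("db-password", good_app, now=500.0)
    return granted, wrong_app, expired, tampered
```

The four outcomes returned by demo() show the one authorized transmission and the three refusals (unrecognized application, expired constraint, modified record) that the claimed repository must distinguish.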